backend-manager 5.2.14 → 5.2.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/docs/consent.md +7 -4
- package/docs/marketing-campaigns.md +1 -1
- package/package.json +1 -1
- package/src/cli/commands/setup-tests/env-runtime-config-deprecated.js +1 -1
- package/src/manager/functions/_legacy/admin/create-post.js +2 -2
- package/src/manager/functions/core/actions/api/admin/create-post.js +1 -1
- package/src/manager/functions/core/actions/api/admin/edit-post.js +2 -2
- package/src/manager/functions/core/actions/api/admin/write-repo-content.js +2 -2
- package/src/manager/functions/core/actions/api/general/fetch-post.js +2 -2
- package/src/manager/libraries/email/generators/lib/image-host.js +3 -3
- package/src/manager/routes/admin/post/post.js +2 -2
- package/src/manager/routes/admin/post/put.js +2 -2
- package/src/manager/routes/admin/repo/content/post.js +2 -2
- package/src/manager/routes/content/post/get.js +2 -2
- package/src/manager/routes/user/signup/post.js +20 -14
- package/src/manager/schemas/user/signup/post.js +12 -8
- package/src/test/test-accounts.js +12 -0
- package/templates/_.env +3 -3
- package/test/functions/admin/edit-post.js +9 -9
- package/test/functions/admin/write-repo-content.js +3 -3
- package/test/routes/admin/create-post.js +6 -6
- package/test/routes/admin/post.js +9 -9
- package/test/routes/admin/repo-content.js +3 -3
- package/test/routes/user/signup.js +89 -0
package/CHANGELOG.md
CHANGED
|
@@ -14,6 +14,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
|
14
14
|
- `Fixed` for any bug fixes.
|
|
15
15
|
- `Security` in case of vulnerabilities.
|
|
16
16
|
|
|
17
|
+
# [5.2.16] - 2026-05-28
|
|
18
|
+
|
|
19
|
+
### Removed
|
|
20
|
+
|
|
21
|
+
- **Dropped the legacy top-level `affiliateCode` field from `/user/signup`.** UJM and all current consumers send the referral code as `attribution.affiliate.code`; the top-level `affiliateCode` (and the normalize-to-`attribution` shim + the `processAffiliate` fallback that read it) was a dead legacy path. Removed from `src/manager/schemas/user/signup/post.js`, the `buildUserRecord` normalize block, and the `processAffiliate` lookup in `src/manager/routes/user/signup/post.js`. The route now reads referral codes exclusively from `attribution.affiliate.code`. (The legacy `bm_api` sign-up action `functions/core/actions/api/user/sign-up.js` is unchanged.)
|
|
22
|
+
|
|
23
|
+
### Fixed
|
|
24
|
+
|
|
25
|
+
- **Consent: never downgrade an existing granted consent on `/user/signup`** (`src/manager/routes/user/signup/post.js`). A legacy account — signed up before the `flags.signupProcessed` completion flow existed, so the flag was never set — re-fires `/user/signup` on every page load until the flag flips. Its consent payload arrives empty (the original is long gone from `localStorage`), which previously computed `'revoked'` and, on the `{ merge: true }` write, wiped the consent the user actually granted months ago. `buildConsentRecord` now reads the existing doc's consent and preserves any already-`granted` status when the incoming payload doesn't explicitly re-grant it. A genuine new grant still applies; an at-signup decline with no prior grant still records the decline. Added `consent-empty-payload-preserves-existing-grant` and `consent-explicit-decline-does-not-downgrade-existing-grant` tests (+ a dedicated `consent-preserve` test account). See `docs/consent.md`.
|
|
26
|
+
|
|
27
|
+
### Changed
|
|
28
|
+
|
|
29
|
+
- **`user/signup` schema: shaped the `consent` field.** `src/manager/schemas/user/signup/post.js` now declares the nested `consent.{legal,marketing}.{granted,text}` shape instead of a bare passthrough object, documenting the input contract at the schema layer (the SSOT for request shape). Each sub-object is optional — omitting it leaves existing consent untouched (see the downgrade guard above).
|
|
30
|
+
|
|
31
|
+
# [5.2.15] - 2026-05-28
|
|
32
|
+
|
|
33
|
+
### Changed
|
|
34
|
+
|
|
35
|
+
- **Standardized the GitHub token env var `GITHUB_TOKEN` → `GH_TOKEN`** across the entire repo, to match the convention used in all other ITW repos. Updated every GitHub-backed route and action (`admin/post`, `content/post`, `admin/repo/content`, `general/fetch-post`, `admin/write-repo-content`, `admin/edit-post`, `admin/create-post`, legacy `create-post`), the email image-host library (`libraries/email/generators/lib/image-host.js`), the CLI deprecated-env notice, the `templates/_.env` scaffold, the `docs/marketing-campaigns.md` reference, and all related test files. This is a hard rename with no fallback — any environment (CI, prod, local `.env`) that still sets `GITHUB_TOKEN` must switch to `GH_TOKEN` for the GitHub-backed routes to work.
|
|
36
|
+
|
|
17
37
|
# [5.2.14] - 2026-05-28
|
|
18
38
|
|
|
19
39
|
### Removed
|
package/docs/consent.md
CHANGED
|
@@ -67,16 +67,19 @@ There are four places where consent gets recorded or updated. All four converge
|
|
|
67
67
|
}
|
|
68
68
|
```
|
|
69
69
|
|
|
70
|
-
`buildConsentRecord(assistant, settings.consent)` translates this into the canonical user-doc shape:
|
|
70
|
+
`buildConsentRecord(assistant, settings.consent, creationTime, existingConsent)` translates this into the canonical user-doc shape:
|
|
71
71
|
|
|
72
|
-
- `legal.granted: true` → `legal.status = 'granted'`, `grantedAt` populated with `source: 'signup'` + **
|
|
72
|
+
- `legal.granted: true` → `legal.status = 'granted'`, `grantedAt` populated with `source: 'signup'` + **timestamp from Auth `creationTime`** + server-detected IP + exact label text.
|
|
73
73
|
- `marketing.granted: false` → `marketing.status = 'revoked'`, `grantedAt` all-null, `revokedAt` populated with `source: 'signup'`. (Records the explicit decline.)
|
|
74
|
-
- Missing `consent` block (legacy client) → both default to `'revoked'`.
|
|
75
74
|
|
|
76
|
-
**
|
|
75
|
+
**Timestamps come from Firebase Auth `creationTime`,** not request time, so `consent.grantedAt` matches `metadata.created` (the OMEGA user migration treats `metadata.created` as the SSOT and reconciles `grantedAt` against it — stamping from request time made every new signup drift by a few seconds and get re-fixed on the next migration run).
|
|
76
|
+
|
|
77
|
+
**Server-derived time is authoritative.** Client-supplied timestamps are ignored — defends against clock manipulation by malicious clients.
|
|
77
78
|
|
|
78
79
|
**Strict boolean check.** Only `granted === true` counts as granted. `'true'`, `1`, or other truthy values are rejected.
|
|
79
80
|
|
|
81
|
+
**Never downgrades an existing grant (data-loss guard).** A legacy account — one signed up before the `flags.signupProcessed` completion flow existed, so its flag was never set — re-fires `/user/signup` on every page load until the flag flips. Its consent was captured months ago and is long gone from `localStorage`, so the payload arrives empty. Without protection, `buildConsentRecord` would compute `'revoked'` and the `{ merge: true }` write would wipe the consent the user actually granted. The guard reads the existing doc's consent (`existingConsent`) and **preserves any already-`granted` status when the incoming payload does not explicitly re-grant it.** A genuine new grant still applies; an at-signup decline with no prior grant still records the decline. (The primary mitigation is OMEGA migration Fix 4f, which backfills `flags.signupProcessed: true` for established accounts so they never re-fire; this guard is the backstop for the deploy-before-migration gap.)
|
|
82
|
+
|
|
80
83
|
**Marketing sync gating.** After writing the user doc, the route checks `userRecord.consent.marketing.status === 'granted'` before calling `mailer.sync(uid)`. Declining the marketing checkbox means the user is created normally, gets transactional emails, but is NEVER added to SendGrid / Beehiiv marketing lists.
|
|
81
84
|
|
|
82
85
|
### 2. Account-page toggle (Phase D)
|
|
@@ -208,7 +208,7 @@ Templates add their own fields on top (e.g. classic adds `intro` + `sections`; f
|
|
|
208
208
|
|
|
209
209
|
This means the newsletter is never "stuck" — even with Beehiiv disabled or failing, you get an actionable email pointing to ready-to-paste assets. The alert is best-effort; failure to send is logged but does not block the Firestore campaign-doc write.
|
|
210
210
|
|
|
211
|
-
Requires `
|
|
211
|
+
Requires `GH_TOKEN` env var (org-scoped, write access to `newsletter-assets`). Without it, the cron's HTML/image upload calls throw and the run aborts.
|
|
212
212
|
|
|
213
213
|
## Iteration test asset story
|
|
214
214
|
|
package/package.json
CHANGED
|
@@ -36,7 +36,7 @@ class EnvRuntimeConfigDeprecatedTest extends BaseTest {
|
|
|
36
36
|
' The new format uses individual environment variables:\n' +
|
|
37
37
|
' BACKEND_MANAGER_KEY=\n' +
|
|
38
38
|
' BACKEND_MANAGER_NAMESPACE=\n' +
|
|
39
|
-
'
|
|
39
|
+
' GH_TOKEN=\n' +
|
|
40
40
|
' Please update your .env file manually and remove RUNTIME_CONFIG.'
|
|
41
41
|
);
|
|
42
42
|
}
|
|
@@ -55,7 +55,7 @@ let Module = {
|
|
|
55
55
|
return new Promise(async function(resolve, reject) {
|
|
56
56
|
let finalPath = poster.removeDirDot(meta.finalPath);
|
|
57
57
|
let tempPath = (meta.tempPath);
|
|
58
|
-
await createFile(self.Manager.config?.github?.user, repoInfo.user, repoInfo.name, process.env.
|
|
58
|
+
await createFile(self.Manager.config?.github?.user, repoInfo.user, repoInfo.name, process.env.GH_TOKEN, finalPath, await poster.readImage(tempPath))
|
|
59
59
|
.catch((e) => {
|
|
60
60
|
// console.log('---CAUGHT 1', e);
|
|
61
61
|
})
|
|
@@ -66,7 +66,7 @@ let Module = {
|
|
|
66
66
|
let finalPost = await poster.create(assistant.request.data);
|
|
67
67
|
|
|
68
68
|
// Save post OR commit
|
|
69
|
-
await createFile(self.Manager.config?.github?.user, repoInfo.user, repoInfo.name, process.env.
|
|
69
|
+
await createFile(self.Manager.config?.github?.user, repoInfo.user, repoInfo.name, process.env.GH_TOKEN, poster.removeDirDot(finalPost.path), finalPost.content)
|
|
70
70
|
.catch((e) => {
|
|
71
71
|
response.status = 400;
|
|
72
72
|
response.error = new Error('Failed to post: ' + e);
|
|
@@ -25,7 +25,7 @@ Module.prototype.main = function () {
|
|
|
25
25
|
}
|
|
26
26
|
|
|
27
27
|
// Check for GitHub configuration
|
|
28
|
-
if (!process.env.
|
|
28
|
+
if (!process.env.GH_TOKEN) {
|
|
29
29
|
return reject(assistant.errorify(`GitHub API key not configured.`, {code: 500}));
|
|
30
30
|
}
|
|
31
31
|
|
|
@@ -42,7 +42,7 @@ Module.prototype.main = function () {
|
|
|
42
42
|
|
|
43
43
|
// Setup Octokit
|
|
44
44
|
self.octokit = new Octokit({
|
|
45
|
-
auth: process.env.
|
|
45
|
+
auth: process.env.GH_TOKEN,
|
|
46
46
|
});
|
|
47
47
|
|
|
48
48
|
// Check for required values
|
|
@@ -25,7 +25,7 @@ Module.prototype.main = function () {
|
|
|
25
25
|
}
|
|
26
26
|
|
|
27
27
|
// Check for GitHub configuration
|
|
28
|
-
if (!process.env.
|
|
28
|
+
if (!process.env.GH_TOKEN) {
|
|
29
29
|
return reject(assistant.errorify(`GitHub API key not configured.`, {code: 500}));
|
|
30
30
|
}
|
|
31
31
|
|
|
@@ -42,7 +42,7 @@ Module.prototype.main = function () {
|
|
|
42
42
|
|
|
43
43
|
// Setup Octokit
|
|
44
44
|
self.octokit = new Octokit({
|
|
45
|
-
auth: process.env.
|
|
45
|
+
auth: process.env.GH_TOKEN,
|
|
46
46
|
});
|
|
47
47
|
|
|
48
48
|
// Check for required values
|
|
@@ -14,7 +14,7 @@ Module.prototype.main = function () {
|
|
|
14
14
|
|
|
15
15
|
return new Promise(async function(resolve, reject) {
|
|
16
16
|
// Check for GitHub configuration
|
|
17
|
-
if (!process.env.
|
|
17
|
+
if (!process.env.GH_TOKEN) {
|
|
18
18
|
return reject(assistant.errorify(`GitHub API key not configured.`, {code: 500}));
|
|
19
19
|
}
|
|
20
20
|
|
|
@@ -24,7 +24,7 @@ Module.prototype.main = function () {
|
|
|
24
24
|
|
|
25
25
|
// Setup Octokit
|
|
26
26
|
const octokit = new Octokit({
|
|
27
|
-
auth: process.env.
|
|
27
|
+
auth: process.env.GH_TOKEN,
|
|
28
28
|
});
|
|
29
29
|
|
|
30
30
|
// Setup options
|
|
@@ -59,7 +59,7 @@ const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
|
|
|
59
59
|
* @param {string} [args.subject] - Newsletter subject. Embedded in the commit message so
|
|
60
60
|
* `git log` reads as a human-browseable history.
|
|
61
61
|
* @param {string} [args.commitMessage] - Full override of the default commit message
|
|
62
|
-
* @param {string} [args.token] - GitHub token (defaults to process.env.
|
|
62
|
+
* @param {string} [args.token] - GitHub token (defaults to process.env.GH_TOKEN)
|
|
63
63
|
* @param {object} [args.assistant] - logger
|
|
64
64
|
* @returns {Promise<{ urls: string[], paths: string[], htmlUrl?: string, htmlPath?: string, folderUrl: string, commitSha: string }>}
|
|
65
65
|
*/
|
|
@@ -76,10 +76,10 @@ async function uploadAssets({ images, html, markdown, summary, brandId, campaign
|
|
|
76
76
|
validateBrandId(brandId);
|
|
77
77
|
validateCampaignId(campaignId);
|
|
78
78
|
|
|
79
|
-
const githubToken = token || process.env.
|
|
79
|
+
const githubToken = token || process.env.GH_TOKEN;
|
|
80
80
|
|
|
81
81
|
if (!githubToken) {
|
|
82
|
-
throw new Error('image-host:
|
|
82
|
+
throw new Error('image-host: GH_TOKEN env var (or token arg) is required');
|
|
83
83
|
}
|
|
84
84
|
|
|
85
85
|
const log = (msg) => assistant?.log ? assistant.log(`[image-host] ${msg}`) : null;
|
|
@@ -37,7 +37,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
37
37
|
}
|
|
38
38
|
|
|
39
39
|
// Check for GitHub configuration
|
|
40
|
-
if (!process.env.
|
|
40
|
+
if (!process.env.GH_TOKEN) {
|
|
41
41
|
return assistant.respond('GitHub API key not configured.', { code: 500 });
|
|
42
42
|
}
|
|
43
43
|
|
|
@@ -52,7 +52,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
52
52
|
|
|
53
53
|
// Setup Octokit
|
|
54
54
|
const octokit = new Octokit({
|
|
55
|
-
auth: process.env.
|
|
55
|
+
auth: process.env.GH_TOKEN,
|
|
56
56
|
});
|
|
57
57
|
|
|
58
58
|
// Check for required values
|
|
@@ -20,7 +20,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
20
20
|
}
|
|
21
21
|
|
|
22
22
|
// Check for GitHub configuration
|
|
23
|
-
if (!process.env.
|
|
23
|
+
if (!process.env.GH_TOKEN) {
|
|
24
24
|
return assistant.respond('GitHub API key not configured.', { code: 500 });
|
|
25
25
|
}
|
|
26
26
|
|
|
@@ -35,7 +35,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
35
35
|
|
|
36
36
|
// Setup Octokit
|
|
37
37
|
const octokit = new Octokit({
|
|
38
|
-
auth: process.env.
|
|
38
|
+
auth: process.env.GH_TOKEN,
|
|
39
39
|
});
|
|
40
40
|
|
|
41
41
|
// Check for required values
|
|
@@ -17,7 +17,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
17
17
|
}
|
|
18
18
|
|
|
19
19
|
// Check for GitHub configuration
|
|
20
|
-
if (!process.env.
|
|
20
|
+
if (!process.env.GH_TOKEN) {
|
|
21
21
|
return assistant.respond('GitHub API key not configured.', { code: 500 });
|
|
22
22
|
}
|
|
23
23
|
|
|
@@ -31,7 +31,7 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
|
|
|
31
31
|
|
|
32
32
|
// Setup Octokit
|
|
33
33
|
const octokit = new Octokit({
|
|
34
|
-
auth: process.env.
|
|
34
|
+
auth: process.env.GH_TOKEN,
|
|
35
35
|
});
|
|
36
36
|
|
|
37
37
|
// Check for required values
|
|
@@ -8,7 +8,7 @@ const { parse } = require('yaml');
|
|
|
8
8
|
module.exports = async ({ assistant, Manager, settings, analytics }) => {
|
|
9
9
|
|
|
10
10
|
// Check for GitHub configuration
|
|
11
|
-
if (!process.env.
|
|
11
|
+
if (!process.env.GH_TOKEN) {
|
|
12
12
|
return assistant.respond('GitHub API key not configured.', { code: 500 });
|
|
13
13
|
}
|
|
14
14
|
|
|
@@ -18,7 +18,7 @@ module.exports = async ({ assistant, Manager, settings, analytics }) => {
|
|
|
18
18
|
|
|
19
19
|
// Setup Octokit
|
|
20
20
|
const octokit = new Octokit({
|
|
21
|
-
auth: process.env.
|
|
21
|
+
auth: process.env.GH_TOKEN,
|
|
22
22
|
});
|
|
23
23
|
|
|
24
24
|
// Check for required parameters
|
|
@@ -61,7 +61,7 @@ module.exports = async ({ assistant, user, settings, libraries }) => {
|
|
|
61
61
|
// 4. Gather all data, then write once
|
|
62
62
|
const email = user.auth.email;
|
|
63
63
|
const inferred = await inferUserContact(assistant, email);
|
|
64
|
-
const userRecord = buildUserRecord(assistant, settings, inferred, authUser.metadata.creationTime);
|
|
64
|
+
const userRecord = buildUserRecord(assistant, settings, inferred, authUser.metadata.creationTime, userDoc);
|
|
65
65
|
|
|
66
66
|
assistant.log(`signup(): Writing user record for ${uid}`, userRecord);
|
|
67
67
|
|
|
@@ -113,15 +113,10 @@ async function pollForUserDoc(assistant, uid) {
|
|
|
113
113
|
/**
|
|
114
114
|
* Build the full user record: client details, attribution, and inferred contact
|
|
115
115
|
*/
|
|
116
|
-
function buildUserRecord(assistant, settings, inferred, creationTime) {
|
|
116
|
+
function buildUserRecord(assistant, settings, inferred, creationTime, existingDoc) {
|
|
117
117
|
const Manager = assistant.Manager;
|
|
118
118
|
const attribution = settings.attribution;
|
|
119
119
|
|
|
120
|
-
// Legacy support: if affiliateCode exists, normalize to new format
|
|
121
|
-
if (settings.affiliateCode && !attribution.affiliate?.code) {
|
|
122
|
-
attribution.affiliate = { code: settings.affiliateCode };
|
|
123
|
-
}
|
|
124
|
-
|
|
125
120
|
const record = {
|
|
126
121
|
flags: {
|
|
127
122
|
signupProcessed: true,
|
|
@@ -138,7 +133,7 @@ function buildUserRecord(assistant, settings, inferred, creationTime) {
|
|
|
138
133
|
},
|
|
139
134
|
},
|
|
140
135
|
attribution: attribution || {},
|
|
141
|
-
consent: buildConsentRecord(assistant, settings.consent, creationTime),
|
|
136
|
+
consent: buildConsentRecord(assistant, settings.consent, creationTime, existingDoc?.consent),
|
|
142
137
|
metadata: Manager.Metadata().set({ tag: 'user/signup' }),
|
|
143
138
|
};
|
|
144
139
|
|
|
@@ -184,7 +179,7 @@ function buildUserRecord(assistant, settings, inferred, creationTime) {
|
|
|
184
179
|
* record what the client sent, but the route will not have reached this point in practice
|
|
185
180
|
* (the signup-form HTML5-requires the legal checkbox).
|
|
186
181
|
*/
|
|
187
|
-
function buildConsentRecord(assistant, clientConsent, creationTime) {
|
|
182
|
+
function buildConsentRecord(assistant, clientConsent, creationTime, existingConsent) {
|
|
188
183
|
const consent = clientConsent || {};
|
|
189
184
|
const ip = assistant.request.geolocation?.ip || null;
|
|
190
185
|
|
|
@@ -202,7 +197,7 @@ function buildConsentRecord(assistant, clientConsent, creationTime) {
|
|
|
202
197
|
const legalGranted = consent.legal?.granted === true;
|
|
203
198
|
const legalText = typeof consent.legal?.text === 'string' ? consent.legal.text : null;
|
|
204
199
|
|
|
205
|
-
|
|
200
|
+
let legal = legalGranted
|
|
206
201
|
? {
|
|
207
202
|
status: 'granted',
|
|
208
203
|
grantedAt: { timestamp, timestampUNIX, source: 'signup', ip, text: legalText },
|
|
@@ -216,7 +211,7 @@ function buildConsentRecord(assistant, clientConsent, creationTime) {
|
|
|
216
211
|
const marketingGranted = consent.marketing?.granted === true;
|
|
217
212
|
const marketingText = typeof consent.marketing?.text === 'string' ? consent.marketing.text : null;
|
|
218
213
|
|
|
219
|
-
|
|
214
|
+
let marketing = marketingGranted
|
|
220
215
|
? {
|
|
221
216
|
status: 'granted',
|
|
222
217
|
grantedAt: { timestamp, timestampUNIX, source: 'signup', ip, text: marketingText },
|
|
@@ -229,6 +224,19 @@ function buildConsentRecord(assistant, clientConsent, creationTime) {
|
|
|
229
224
|
revokedAt: { timestamp, timestampUNIX, source: 'signup', ip, text: null },
|
|
230
225
|
};
|
|
231
226
|
|
|
227
|
+
// Never DOWNGRADE an existing granted consent. A legacy account (signed up before this
|
|
228
|
+
// flow, flags.signupProcessed never set) re-fires /user/signup on page load with empty
|
|
229
|
+
// consent — which would compute status 'revoked' above and, on a {merge:true} write, wipe
|
|
230
|
+
// out the consent they actually granted months ago. If the existing doc already has a
|
|
231
|
+
// consent granted and the incoming payload doesn't explicitly re-grant it, preserve the
|
|
232
|
+
// existing record. A genuine new grant or an at-signup decline (no prior grant) still applies.
|
|
233
|
+
if (existingConsent?.legal?.status === 'granted' && legal.status !== 'granted') {
|
|
234
|
+
legal = existingConsent.legal;
|
|
235
|
+
}
|
|
236
|
+
if (existingConsent?.marketing?.status === 'granted' && marketing.status !== 'granted') {
|
|
237
|
+
marketing = existingConsent.marketing;
|
|
238
|
+
}
|
|
239
|
+
|
|
232
240
|
assistant.log(`buildConsentRecord: legal=${legal.status}, marketing=${marketing.status} (raw input legal.granted=${consent.legal?.granted}, marketing.granted=${consent.marketing?.granted})`);
|
|
233
241
|
|
|
234
242
|
return { legal, marketing };
|
|
@@ -262,9 +270,7 @@ async function inferUserContact(assistant, email) {
|
|
|
262
270
|
*/
|
|
263
271
|
async function processAffiliate(assistant, uid, email, settings) {
|
|
264
272
|
const { admin } = assistant.Manager.libraries;
|
|
265
|
-
const affiliateCode = settings.attribution?.affiliate?.code
|
|
266
|
-
|| settings.affiliateCode
|
|
267
|
-
|| null;
|
|
273
|
+
const affiliateCode = settings.attribution?.affiliate?.code || null;
|
|
268
274
|
|
|
269
275
|
if (!affiliateCode) {
|
|
270
276
|
return;
|
|
@@ -4,11 +4,6 @@ module.exports = ({ user }) => ({
|
|
|
4
4
|
default: user?.auth?.uid,
|
|
5
5
|
required: false,
|
|
6
6
|
},
|
|
7
|
-
affiliateCode: {
|
|
8
|
-
types: ['string'],
|
|
9
|
-
default: undefined,
|
|
10
|
-
required: false,
|
|
11
|
-
},
|
|
12
7
|
attribution: {
|
|
13
8
|
types: ['object'],
|
|
14
9
|
default: {},
|
|
@@ -19,9 +14,18 @@ module.exports = ({ user }) => ({
|
|
|
19
14
|
default: {},
|
|
20
15
|
required: false,
|
|
21
16
|
},
|
|
17
|
+
// Consent decision captured at signup. Each sub-object is OPTIONAL — if the client omits
|
|
18
|
+
// `legal`/`marketing` (e.g. a legacy account re-firing /user/signup on page load with no
|
|
19
|
+
// fresh consent), the route leaves that consent untouched rather than downgrading it.
|
|
20
|
+
// When present, `granted` is the decision and `text` is the exact copy shown to the user.
|
|
22
21
|
consent: {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
22
|
+
legal: {
|
|
23
|
+
granted: { types: ['boolean'], required: false },
|
|
24
|
+
text: { types: ['string'], required: false },
|
|
25
|
+
},
|
|
26
|
+
marketing: {
|
|
27
|
+
granted: { types: ['boolean'], required: false },
|
|
28
|
+
text: { types: ['string'], required: false },
|
|
29
|
+
},
|
|
26
30
|
},
|
|
27
31
|
});
|
|
@@ -193,6 +193,18 @@ const STATIC_ACCOUNTS = {
|
|
|
193
193
|
subscription: { product: { id: 'basic' }, status: 'active' },
|
|
194
194
|
},
|
|
195
195
|
},
|
|
196
|
+
// Used to verify the never-downgrade guard: the test seeds this account's doc with already-
|
|
197
|
+
// granted consent, then re-fires /user/signup with an empty consent payload and asserts the
|
|
198
|
+
// grant is preserved (not flipped to revoked). Dedicated account so the seeded state is isolated.
|
|
199
|
+
'consent-preserve': {
|
|
200
|
+
id: 'consent-preserve',
|
|
201
|
+
uid: '_test-consent-preserve',
|
|
202
|
+
email: '_test.consent-preserve@{domain}',
|
|
203
|
+
properties: {
|
|
204
|
+
roles: {},
|
|
205
|
+
subscription: { product: { id: 'basic' }, status: 'active' },
|
|
206
|
+
},
|
|
207
|
+
},
|
|
196
208
|
};
|
|
197
209
|
|
|
198
210
|
/**
|
package/templates/_.env
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
# ========== Default Values ==========
|
|
2
|
+
# GitHub
|
|
3
|
+
GH_TOKEN=""
|
|
4
|
+
|
|
2
5
|
# Backend Manager
|
|
3
6
|
BACKEND_MANAGER_KEY=""
|
|
4
7
|
BACKEND_MANAGER_WEBHOOK_KEY=""
|
|
@@ -6,9 +9,6 @@ BACKEND_MANAGER_NAMESPACE=""
|
|
|
6
9
|
BACKEND_MANAGER_OPENAI_API_KEY=""
|
|
7
10
|
BACKEND_MANAGER_ANTHROPIC_API_KEY=""
|
|
8
11
|
|
|
9
|
-
# GitHub
|
|
10
|
-
GITHUB_TOKEN=""
|
|
11
|
-
|
|
12
12
|
# AI
|
|
13
13
|
OPENAI_API_KEY=""
|
|
14
14
|
ANTHROPIC_API_KEY=""
|
|
@@ -112,7 +112,7 @@ module.exports = {
|
|
|
112
112
|
name: 'create-test-post',
|
|
113
113
|
auth: 'admin',
|
|
114
114
|
timeout: 60000,
|
|
115
|
-
skip: !process.env.
|
|
115
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
116
116
|
|
|
117
117
|
async run({ assert, state, config }) {
|
|
118
118
|
if (!config.github?.repo_website) {
|
|
@@ -120,7 +120,7 @@ module.exports = {
|
|
|
120
120
|
return;
|
|
121
121
|
}
|
|
122
122
|
|
|
123
|
-
const octokit = new Octokit({ auth: process.env.
|
|
123
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
124
124
|
|
|
125
125
|
// Parse owner/repo from githubRepoWebsite
|
|
126
126
|
const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
|
|
@@ -181,7 +181,7 @@ module.exports = {
|
|
|
181
181
|
name: 'verify-file-exists',
|
|
182
182
|
auth: 'admin',
|
|
183
183
|
timeout: 30000,
|
|
184
|
-
skip: !process.env.
|
|
184
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
185
185
|
|
|
186
186
|
async run({ assert, state, config }) {
|
|
187
187
|
if (!state.postPath) {
|
|
@@ -190,7 +190,7 @@ module.exports = {
|
|
|
190
190
|
|
|
191
191
|
state.postUrl = `https://${config.domain}/blog/${state.postSlug}`;
|
|
192
192
|
|
|
193
|
-
const octokit = new Octokit({ auth: process.env.
|
|
193
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
194
194
|
|
|
195
195
|
// Verify the file exists via direct API (not code search)
|
|
196
196
|
const { data: fileData } = await octokit.rest.repos.getContent({
|
|
@@ -211,7 +211,7 @@ module.exports = {
|
|
|
211
211
|
name: 'edit-test-post',
|
|
212
212
|
auth: 'admin',
|
|
213
213
|
timeout: 60000,
|
|
214
|
-
skip: !process.env.
|
|
214
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
215
215
|
|
|
216
216
|
async run({ http, assert, state }) {
|
|
217
217
|
if (!state.postUrl) {
|
|
@@ -244,7 +244,7 @@ module.exports = {
|
|
|
244
244
|
name: 'verify-edit',
|
|
245
245
|
auth: 'admin',
|
|
246
246
|
timeout: 30000,
|
|
247
|
-
skip: !process.env.
|
|
247
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
248
248
|
|
|
249
249
|
async run({ assert, state }) {
|
|
250
250
|
if (!state.postPath || state.editSkipped) {
|
|
@@ -252,7 +252,7 @@ module.exports = {
|
|
|
252
252
|
return;
|
|
253
253
|
}
|
|
254
254
|
|
|
255
|
-
const octokit = new Octokit({ auth: process.env.
|
|
255
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
256
256
|
|
|
257
257
|
// Fetch the file directly from GitHub
|
|
258
258
|
const { data: fileData } = await octokit.rest.repos.getContent({
|
|
@@ -309,11 +309,11 @@ module.exports = {
|
|
|
309
309
|
timeout: 60000,
|
|
310
310
|
|
|
311
311
|
async run({ state }) {
|
|
312
|
-
if (!process.env.
|
|
312
|
+
if (!process.env.GH_TOKEN || !state.postPath) {
|
|
313
313
|
return;
|
|
314
314
|
}
|
|
315
315
|
|
|
316
|
-
const octokit = new Octokit({ auth: process.env.
|
|
316
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
317
317
|
|
|
318
318
|
// Get the current SHA (may have changed after edit)
|
|
319
319
|
try {
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Writes arbitrary content to a GitHub repository
|
|
5
5
|
* Requires admin/blogger role, GitHub API key, and repo_website config
|
|
6
6
|
*
|
|
7
|
-
* IMPORTANT: These tests require
|
|
7
|
+
* IMPORTANT: These tests require GH_TOKEN and github.repo_website to be configured.
|
|
8
8
|
* If GitHub is not configured, the tests will fail.
|
|
9
9
|
*
|
|
10
10
|
* This is a suite because we need to clean up created files and cancel workflows after tests.
|
|
@@ -155,11 +155,11 @@ module.exports = {
|
|
|
155
155
|
timeout: 60000,
|
|
156
156
|
|
|
157
157
|
async run({ state, config }) {
|
|
158
|
-
if (!process.env.
|
|
158
|
+
if (!process.env.GH_TOKEN || !config.github?.repo_website) {
|
|
159
159
|
return;
|
|
160
160
|
}
|
|
161
161
|
|
|
162
|
-
const octokit = new Octokit({ auth: process.env.
|
|
162
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
163
163
|
|
|
164
164
|
// Parse owner/repo from githubRepoWebsite (e.g., 'https://github.com/owner/repo')
|
|
165
165
|
const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
|
|
@@ -111,8 +111,8 @@ module.exports = {
|
|
|
111
111
|
skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE env var not set' : false,
|
|
112
112
|
|
|
113
113
|
async run({ http, assert, state, config }) {
|
|
114
|
-
if (!process.env.
|
|
115
|
-
assert.fail('
|
|
114
|
+
if (!process.env.GH_TOKEN) {
|
|
115
|
+
assert.fail('GH_TOKEN env var not set');
|
|
116
116
|
return;
|
|
117
117
|
}
|
|
118
118
|
|
|
@@ -167,7 +167,7 @@ module.exports = {
|
|
|
167
167
|
return; // Previous test didn't run
|
|
168
168
|
}
|
|
169
169
|
|
|
170
|
-
const octokit = new Octokit({ auth: process.env.
|
|
170
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
171
171
|
|
|
172
172
|
// Fetch the committed post from GitHub
|
|
173
173
|
const { data: fileData } = await octokit.rest.repos.getContent({
|
|
@@ -203,7 +203,7 @@ module.exports = {
|
|
|
203
203
|
return; // Previous test didn't run
|
|
204
204
|
}
|
|
205
205
|
|
|
206
|
-
const octokit = new Octokit({ auth: process.env.
|
|
206
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
207
207
|
const imageDir = `src/assets/images/blog/post-${state.postId}/`;
|
|
208
208
|
|
|
209
209
|
// List committed images and pick the header (matches the slugified URL "bem-test-create-post")
|
|
@@ -285,11 +285,11 @@ module.exports = {
|
|
|
285
285
|
timeout: 60000,
|
|
286
286
|
|
|
287
287
|
async run({ state }) {
|
|
288
|
-
if (!process.env.
|
|
288
|
+
if (!process.env.GH_TOKEN || !state.postPath) {
|
|
289
289
|
return;
|
|
290
290
|
}
|
|
291
291
|
|
|
292
|
-
const octokit = new Octokit({ auth: process.env.
|
|
292
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
293
293
|
|
|
294
294
|
// Delete the test post
|
|
295
295
|
try {
|
|
@@ -114,7 +114,7 @@ module.exports = {
|
|
|
114
114
|
name: 'create-test-post',
|
|
115
115
|
auth: 'admin',
|
|
116
116
|
timeout: 60000,
|
|
117
|
-
skip: !process.env.
|
|
117
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
118
118
|
|
|
119
119
|
async run({ assert, state, config }) {
|
|
120
120
|
if (!config.github?.repo_website) {
|
|
@@ -122,7 +122,7 @@ module.exports = {
|
|
|
122
122
|
return;
|
|
123
123
|
}
|
|
124
124
|
|
|
125
|
-
const octokit = new Octokit({ auth: process.env.
|
|
125
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
126
126
|
|
|
127
127
|
// Parse owner/repo from githubRepoWebsite
|
|
128
128
|
const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
|
|
@@ -183,7 +183,7 @@ module.exports = {
|
|
|
183
183
|
name: 'verify-file-exists',
|
|
184
184
|
auth: 'admin',
|
|
185
185
|
timeout: 30000,
|
|
186
|
-
skip: !process.env.
|
|
186
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
187
187
|
|
|
188
188
|
async run({ assert, state, config }) {
|
|
189
189
|
if (!state.postPath) {
|
|
@@ -192,7 +192,7 @@ module.exports = {
|
|
|
192
192
|
|
|
193
193
|
state.postUrl = `https://${config.domain}/blog/${state.postSlug}`;
|
|
194
194
|
|
|
195
|
-
const octokit = new Octokit({ auth: process.env.
|
|
195
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
196
196
|
|
|
197
197
|
// Verify the file exists via direct API (not code search)
|
|
198
198
|
const { data: fileData } = await octokit.rest.repos.getContent({
|
|
@@ -213,7 +213,7 @@ module.exports = {
|
|
|
213
213
|
name: 'edit-test-post',
|
|
214
214
|
auth: 'admin',
|
|
215
215
|
timeout: 60000,
|
|
216
|
-
skip: !process.env.
|
|
216
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
217
217
|
|
|
218
218
|
async run({ http, assert, state }) {
|
|
219
219
|
if (!state.postUrl) {
|
|
@@ -246,7 +246,7 @@ module.exports = {
|
|
|
246
246
|
name: 'verify-edit',
|
|
247
247
|
auth: 'admin',
|
|
248
248
|
timeout: 30000,
|
|
249
|
-
skip: !process.env.
|
|
249
|
+
skip: !process.env.GH_TOKEN ? 'GH_TOKEN env var not set' : false,
|
|
250
250
|
|
|
251
251
|
async run({ assert, state }) {
|
|
252
252
|
if (!state.postPath || state.editSkipped) {
|
|
@@ -254,7 +254,7 @@ module.exports = {
|
|
|
254
254
|
return;
|
|
255
255
|
}
|
|
256
256
|
|
|
257
|
-
const octokit = new Octokit({ auth: process.env.
|
|
257
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
258
258
|
|
|
259
259
|
// Fetch the file directly from GitHub
|
|
260
260
|
const { data: fileData } = await octokit.rest.repos.getContent({
|
|
@@ -311,11 +311,11 @@ module.exports = {
|
|
|
311
311
|
timeout: 60000,
|
|
312
312
|
|
|
313
313
|
async run({ state }) {
|
|
314
|
-
if (!process.env.
|
|
314
|
+
if (!process.env.GH_TOKEN || !state.postPath) {
|
|
315
315
|
return;
|
|
316
316
|
}
|
|
317
317
|
|
|
318
|
-
const octokit = new Octokit({ auth: process.env.
|
|
318
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
319
319
|
|
|
320
320
|
// Get the current SHA (may have changed after edit)
|
|
321
321
|
try {
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Writes arbitrary content to a GitHub repository
|
|
5
5
|
* Requires admin/blogger role, GitHub API key, and repo_website config
|
|
6
6
|
*
|
|
7
|
-
* IMPORTANT: These tests require
|
|
7
|
+
* IMPORTANT: These tests require GH_TOKEN and github.repo_website to be configured.
|
|
8
8
|
* If GitHub is not configured, the tests will fail.
|
|
9
9
|
*
|
|
10
10
|
* This is a suite because we need to clean up created files and cancel workflows after tests.
|
|
@@ -155,11 +155,11 @@ module.exports = {
|
|
|
155
155
|
timeout: 60000,
|
|
156
156
|
|
|
157
157
|
async run({ state, config }) {
|
|
158
|
-
if (!process.env.
|
|
158
|
+
if (!process.env.GH_TOKEN || !config.github?.repo_website) {
|
|
159
159
|
return;
|
|
160
160
|
}
|
|
161
161
|
|
|
162
|
-
const octokit = new Octokit({ auth: process.env.
|
|
162
|
+
const octokit = new Octokit({ auth: process.env.GH_TOKEN });
|
|
163
163
|
|
|
164
164
|
// Parse owner/repo from githubRepoWebsite (e.g., 'https://github.com/owner/repo')
|
|
165
165
|
const repoMatch = config.github?.repo_website.match(/github\.com\/([^/]+)\/([^/]+)/);
|
|
@@ -347,6 +347,95 @@ module.exports = {
|
|
|
347
347
|
},
|
|
348
348
|
},
|
|
349
349
|
|
|
350
|
+
// --- Consent downgrade-protection tests ---
|
|
351
|
+
// Guards against data loss when a LEGACY account (signed up before the flags.signupProcessed
|
|
352
|
+
// flow existed, so flag never set) re-fires /user/signup on page load. Its localStorage
|
|
353
|
+
// consent is long gone, so the payload is empty — without the guard, buildConsentRecord
|
|
354
|
+
// would compute 'revoked' and the {merge:true} write would wipe the consent the user
|
|
355
|
+
// actually granted months ago. The guard preserves any existing 'granted' status.
|
|
356
|
+
{
|
|
357
|
+
name: 'consent-empty-payload-preserves-existing-grant',
|
|
358
|
+
async run({ http, firestore, assert, accounts }) {
|
|
359
|
+
const uid = accounts['consent-preserve'].uid;
|
|
360
|
+
|
|
361
|
+
// Seed the doc as an established account whose consent is already granted (as a real
|
|
362
|
+
// legacy signup would be after the OMEGA migration backfilled consent). flags is left
|
|
363
|
+
// at the schema default (signupProcessed: false) to mimic the legacy state exactly.
|
|
364
|
+
// merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
|
|
365
|
+
await firestore.set(`users/${uid}`, {
|
|
366
|
+
consent: {
|
|
367
|
+
legal: {
|
|
368
|
+
status: 'granted',
|
|
369
|
+
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy legal grant' },
|
|
370
|
+
},
|
|
371
|
+
marketing: {
|
|
372
|
+
status: 'granted',
|
|
373
|
+
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Legacy marketing grant' },
|
|
374
|
+
revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
|
|
375
|
+
},
|
|
376
|
+
},
|
|
377
|
+
flags: { signupProcessed: false },
|
|
378
|
+
}, { merge: true });
|
|
379
|
+
|
|
380
|
+
// Re-fire signup with NO consent payload (the legacy page-load case).
|
|
381
|
+
const signupResponse = await http.as('consent-preserve').post('user/signup', {});
|
|
382
|
+
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
383
|
+
|
|
384
|
+
const userDoc = await firestore.get(`users/${uid}`);
|
|
385
|
+
|
|
386
|
+
// CRITICAL: the prior grants must survive — NOT be downgraded to revoked.
|
|
387
|
+
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status must stay granted (not downgraded by empty payload)');
|
|
388
|
+
assert.equal(userDoc?.consent?.legal?.grantedAt?.text, 'Legacy legal grant', 'legal grantedAt must be the preserved original, not wiped');
|
|
389
|
+
assert.equal(userDoc?.consent?.legal?.grantedAt?.timestampUNIX, 1735689600, 'legal grantedAt timestamp must be preserved');
|
|
390
|
+
|
|
391
|
+
assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (not downgraded by empty payload)');
|
|
392
|
+
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Legacy marketing grant', 'marketing grantedAt must be the preserved original');
|
|
393
|
+
// No spurious revokedAt should have been stamped over the preserved grant.
|
|
394
|
+
assert.equal(userDoc?.consent?.marketing?.revokedAt?.timestamp, null, 'marketing revokedAt must stay null (no decline was recorded)');
|
|
395
|
+
|
|
396
|
+
// signupProcessed should now be flipped true by this run.
|
|
397
|
+
assert.equal(userDoc?.flags?.signupProcessed, true, 'signupProcessed should be set true after the run');
|
|
398
|
+
},
|
|
399
|
+
},
|
|
400
|
+
{
|
|
401
|
+
name: 'consent-explicit-decline-does-not-downgrade-existing-grant',
|
|
402
|
+
async run({ http, firestore, assert, accounts }) {
|
|
403
|
+
const uid = accounts['consent-preserve'].uid;
|
|
404
|
+
|
|
405
|
+
// Re-seed: granted marketing + UNSET signupProcessed so the route processes this call.
|
|
406
|
+
// Then send a payload that explicitly DECLINES marketing. The guard must still preserve
|
|
407
|
+
// the existing grant — only an explicit RE-GRANT may overwrite; a decline-over-grant on
|
|
408
|
+
// the signup path is treated as a non-grant and must not wipe a prior consent.
|
|
409
|
+
// merge:true — preserve the runner-provisioned auth.uid (pollForUserDoc needs it).
|
|
410
|
+
await firestore.set(`users/${uid}`, {
|
|
411
|
+
consent: {
|
|
412
|
+
marketing: {
|
|
413
|
+
status: 'granted',
|
|
414
|
+
grantedAt: { timestamp: '2025-01-01T00:00:00.000Z', timestampUNIX: 1735689600, source: 'signup', ip: null, text: 'Prior marketing grant' },
|
|
415
|
+
revokedAt: { timestamp: null, timestampUNIX: null, source: null, ip: null, text: null },
|
|
416
|
+
},
|
|
417
|
+
},
|
|
418
|
+
flags: { signupProcessed: false },
|
|
419
|
+
}, { merge: true });
|
|
420
|
+
|
|
421
|
+
const signupResponse = await http.as('consent-preserve').post('user/signup', {
|
|
422
|
+
consent: {
|
|
423
|
+
legal: { granted: true, text: 'Legal grant on re-fire' },
|
|
424
|
+
marketing: { granted: false, text: 'Declining marketing' },
|
|
425
|
+
},
|
|
426
|
+
});
|
|
427
|
+
assert.isSuccess(signupResponse, `Signup should succeed: ${JSON.stringify(signupResponse, null, 2)}`);
|
|
428
|
+
|
|
429
|
+
const userDoc = await firestore.get(`users/${uid}`);
|
|
430
|
+
|
|
431
|
+
// Legal newly granted this call.
|
|
432
|
+
assert.equal(userDoc?.consent?.legal?.status, 'granted', 'legal.status should be granted from this call');
|
|
433
|
+
// Marketing was already granted; an explicit decline must NOT downgrade it.
|
|
434
|
+
assert.equal(userDoc?.consent?.marketing?.status, 'granted', 'marketing.status must stay granted (decline cannot downgrade an existing grant on signup path)');
|
|
435
|
+
assert.equal(userDoc?.consent?.marketing?.grantedAt?.text, 'Prior marketing grant', 'marketing grant must be the preserved original');
|
|
436
|
+
},
|
|
437
|
+
},
|
|
438
|
+
|
|
350
439
|
// --- Auth rejection test (at end per convention) ---
|
|
351
440
|
{
|
|
352
441
|
name: 'unauthenticated-rejected',
|